<?php
include_once ('class.mssql.php');

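/**
 * Handles the "edit owner" form: reads the submitted fields from $_POST,
 * checks the anti-CSRF token against the session, and updates the matching
 * row of the `owner` table through a parameterized sqlsrv statement.
 *
 * Values are stored exactly as submitted (filter()/filter_num() are not
 * applied here), so any page that renders them must escape on output.
 */
class EditOwner
{
    // Primary key of the row to update (client-supplied).
    private $comtec_id_owner;

    // Editable columns of the `owner` table.
    private $cod_owner;
    private $company_name;
    private $rut;
    private $address;
    private $contact_name;
    private $contact_lastname1;
    private $contact_lastname2;
    private $contact_position;
    private $phone;
    private $email;

    // List of user-facing error messages collected while processing.
    private $errors;
    // Anti-CSRF token submitted with the form.
    private $token;

    /**
     * Capture the submitted form fields.
     *
     * Missing fields become null (bound as SQL NULL) instead of raising an
     * "undefined index" notice; `rut` is the concatenation of the number and
     * its check digit, as in the form.
     */
    public function __construct()
    {
        $this->errors = array();

        $this->comtec_id_owner   = self::post_value('comtec_id_owner');
        $this->cod_owner         = self::post_value('cod_owner');
        $this->company_name      = self::post_value('company_name');
        $this->address           = self::post_value('address');
        $this->contact_name      = self::post_value('contact_name');
        $this->rut               = self::post_value('rut') . self::post_value('rut_cod');
        $this->contact_lastname1 = self::post_value('contact_lastname1');
        $this->contact_lastname2 = self::post_value('contact_lastname2');
        $this->contact_position  = self::post_value('contact_position');
        $this->phone             = self::post_value('phone');
        $this->email             = self::post_value('email');

        $this->token             = self::post_value('token');
    }

    /**
     * Read one POST field as a string.
     *
     * Non-string values (e.g. `field[]=x` arrays) are dropped: sqlsrv
     * interprets an array parameter as a (value, direction, type)
     * specification, which must never be client-controlled.
     *
     * @param string $key
     * @return string|null The submitted string, or null when absent or not a string.
     */
    private static function post_value($key)
    {
        if (!isset($_POST[$key]) || !is_string($_POST[$key]))
            return null;

        return $_POST[$key];
    }

    /**
     * Validate the request and, if valid, apply the update.
     *
     * @return int 1 on success, 0 when any error was recorded (see show_errors()).
     */
    public function process()
    {
        if ($this->valid_token() && $this->valid_data())
            $this->edit();

        return count($this->errors) ? 0 : 1;
    }

    /**
     * Strip every character that is not an ASCII letter, digit, '@' or '.'.
     *
     * @param string $var
     * @return string
     */
    public function filter($var)
    {
        return preg_replace('/[^a-zA-Z0-9@.]/', '', $var);
    }

    /**
     * Strip every character that is not a digit or '+'.
     *
     * @param string $var
     * @return string
     */
    public function filter_num($var)
    {
        return preg_replace('/[^0-9+]/', '', $var);
    }

    /**
     * Run the UPDATE for the owner identified by comtec_id_owner.
     *
     * All values are bound as statement parameters, never concatenated into
     * the SQL text. Driver failures are written to the server log and
     * reported to the user as a generic message, so SQLSTATE / schema
     * details are not sent to the browser.
     *
     * NOTE(review): the row is selected by the client-supplied
     * comtec_id_owner and this class does not check that the session user is
     * allowed to edit it - confirm the caller enforces that.
     */
    public function edit()
    {
        $db = new MSSQL();

        $tsql  = "UPDATE owner SET ";
        $tsql .= " cod_owner= ? , ";
        $tsql .= " company_name= ? , ";
        $tsql .= " rut= ? , ";
        $tsql .= " address= ? , ";
        $tsql .= " email= ? , ";
        $tsql .= " phone= ? , ";
        $tsql .= " contact_name= ? , ";
        $tsql .= " contact_lastname1= ? , ";
        $tsql .= " contact_lastname2= ? , ";
        $tsql .= " contact_position= ? ";
        $tsql .= " WHERE comtec_id_owner= ? ";

        // Order must match the placeholders above.
        $params = array( &$this->cod_owner,
                         &$this->company_name,
                         &$this->rut,
                         &$this->address,
                         &$this->email,
                         &$this->phone,
                         &$this->contact_name,
                         &$this->contact_lastname1,
                         &$this->contact_lastname2,
                         &$this->contact_position,
                         &$this->comtec_id_owner);

        $stmt = sqlsrv_prepare($db->getConn(), $tsql, $params);
        if (!$stmt) {
            $this->record_db_failure('prepare');
            return;
        }

        if (!sqlsrv_execute($stmt))
            $this->record_db_failure('execute');

        // Release the statement handle whether or not execution succeeded.
        sqlsrv_free_stmt($stmt);
    }

    /**
     * Log the driver's error detail server-side and queue a generic
     * user-facing message, so process() reports failure.
     *
     * @param string $stage Which step failed ('prepare' or 'execute').
     */
    private function record_db_failure($stage)
    {
        error_log('EditOwner::edit ' . $stage . ' failed: ' . print_r(sqlsrv_errors(), true));
        $this->errors[] = 'No se pudo actualizar el registro';
    }

    /**
     * @return string All recorded error messages, each followed by "\n".
     */
    public function show_errors()
    {
        if (!count($this->errors))
            return "";

        return implode("\n", $this->errors) . "\n";
    }

    /**
     * Field validation hook.
     *
     * No field is validated at present (a duplicate e-mail check was once
     * sketched here), so the result depends only on errors already recorded.
     *
     * @return int 1 when no error has been recorded, 0 otherwise.
     */
    public function valid_data()
    {
        return count($this->errors) ? 0 : 1;
    }

    /**
     * Check the submitted anti-CSRF token against the session token.
     *
     * Both sides must be non-empty and are compared as strings in constant
     * time. The previous loose `!=` accepted a missing token when the
     * session token was empty, and treated numeric-looking strings such as
     * '1e3' and '1000' as equal.
     *
     * @return int 1 when no error has been recorded, 0 otherwise.
     */
    public function valid_token()
    {
        // Scalar session tokens are cast so a numerically stored token still matches.
        $expected = (isset($_SESSION['token']) && is_scalar($_SESSION['token']))
            ? (string) $_SESSION['token']
            : '';

        $matches = $expected !== ''
            && is_string($this->token)
            && $this->token !== ''
            && hash_equals($expected, $this->token);

        if (!$matches)
            $this->errors[] = 'Registro inv&aacute;lido';

        return count($this->errors) ? 0 : 1;
    }
}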
?>
